The Intercept reveals Ring employees in Ukraine had unfettered access to customer video feeds

The Intercept published an investigation on January 10, 2019 revealing that beginning in 2016, Ring provided its Ukraine-based research and development team with virtually unfettered access to a folder on Amazon’s S3 cloud storage service containing every video created by every Ring camera around the world. The investigation exposed that Ring employees—including engineers in both the U.S. and Ukraine—could access customer video feeds using only an email address, with video files left unencrypted because Ring leadership believed “encryption would make the company less valuable.” The revelations demonstrated severe privacy violations at the heart of Amazon’s home surveillance network and sparked Congressional investigations into Ring’s security practices.

Scope of Employee Access

Beginning in 2016, Ring granted its Ukraine office—where much of the company’s research and development was conducted—access to an S3 folder containing every video from every Ring camera globally. According to sources who spoke to The Intercept, employees with this top-level access needed only a Ring customer’s email address to watch cameras from that person’s home.

The video annotation team in Ukraine watched footage not only from popular outdoor and doorbell camera models, but from household interiors, where Ring’s indoor cameras captured intimate private moments. At the time the Ukrainian access was provided, the video files were left unencrypted—a decision Ring leadership made because they believed encryption would reduce the company’s value by increasing implementation costs and limiting monetization opportunities from unrestricted data access.

Employee Misconduct and Voyeurism

Sources revealed deeply troubling employee behavior enabled by this unrestricted access. Ring employees at times showed each other videos they were annotating and described things they had witnessed, including people kissing, firing guns, and stealing. Ring engineers in the U.S. engaged in teasing each other about “who they brought home” after romantic dates while coworkers watched surveillance footage.

The revelations painted a picture of a workplace culture where customer privacy was treated casually and intimate surveillance footage became entertainment for employees. Ring staff in Ukraine described watching footage of intimate moments, with the casual sharing of customer videos across teams suggesting minimal oversight or enforcement of privacy protections.

Vice later reported that Ring had fired employees for watching and abusing customer video data, though the company provided few details about how many employees were terminated, what specific misconduct occurred, or when Ring became aware of the problems.

Technical Infrastructure and Encryption Failure

Ring’s decision to leave customer videos unencrypted was particularly egregious given that Amazon—Ring’s parent company since February 2018—had extensive expertise in encryption and security. The decision to prioritize ease of access and data monetization over customer privacy protection represented a fundamental failure of corporate responsibility.

The annotation work that required employee access to videos was driven partly by weaknesses in Ring’s in-house facial and object recognition software. Rather than implementing secure annotation workflows with properly encrypted data and strict access controls, Ring chose to give hundreds of employees across multiple countries unrestricted access to intimate surveillance footage from customers’ homes.

Even after Amazon visited the Ukraine office in May 2018—months after acquiring Ring—and implemented tighter controls, sources reported that staff found ways to circumvent new safeguards, suggesting that the privacy protections remained inadequate.

Congressional Response and Investigations

The revelations prompted Congressional scrutiny of Ring’s security practices. Senators sent letters to Amazon pressing for answers about Ring’s “sloppy security practices,” as The Intercept reported in November 2019. The Congressional inquiry focused on allegations that Ring’s Ukrainian office allowed employees across the company to access customer video data whether they had any legitimate need to do so.

The investigation raised fundamental questions about whether Ring had adequate safeguards to protect customer privacy, particularly given that the company was simultaneously building partnerships with hundreds of police departments that would give law enforcement access to Ring camera footage through the Neighbors app.

Amazon’s Response and Lack of Transparency

Amazon and Ring provided limited public responses to the revelations, offering few details about the extent of employee access to customer videos, how many employees had been disciplined or fired, or what systemic changes had been implemented to prevent future privacy violations.

The company’s opacity about these serious privacy breaches stood in stark contrast to Ring’s marketing messages emphasizing home security and safety. Customers who purchased Ring cameras to monitor their property and protect their families discovered that Ring employees—including staff in a foreign office—had been watching intimate moments inside their homes, with videos left unencrypted and access controls that relied primarily on individual employees’ restraint rather than technical safeguards.

Significance for Surveillance Capitalism

The Ring employee access scandal illustrated how surveillance capitalist business models prioritized data collection, access, and monetization over customer privacy protection. Ring’s decision to leave videos unencrypted because “encryption would make the company less valuable” revealed the underlying economic logic of surveillance technology companies: customer privacy was treated as a cost to be minimized rather than a right to be protected.

The scandal also demonstrated the dangers of creating massive centralized repositories of intimate surveillance footage. By storing all Ring videos in an S3 bucket accessible to employees across multiple countries, Ring created a honeypot of private information with inadequate access controls—a architecture that prioritized the company’s data science and development needs over customer privacy.

Impact on Home Surveillance Debate

The revelations came at a critical moment as Ring was rapidly expanding its partnerships with police departments and building what civil liberties organizations called the largest corporate-owned, civilian-installed surveillance network in U.S. history. The discovery that Ring employees had been watching customer videos undermined the company’s claims that its technology was primarily about empowering homeowners to protect their property.

The scandal raised troubling questions about the broader home surveillance industry: if Ring couldn’t protect customer videos from its own employees, how could it protect that footage from hackers, government agencies, or other unauthorized access? And if a major company backed by Amazon’s resources chose not to encrypt customer videos because it would reduce the company’s value, what did that suggest about the privacy practices of smaller competitors with even fewer resources?

The employee access scandal became a key example in debates about surveillance technology regulation, illustrating the need for mandatory encryption requirements, strict access controls, independent audits, and meaningful penalties for companies that failed to protect intimate surveillance footage from unauthorized viewing—whether by employees, hackers, or government agencies seeking warrantless access to the growing network of cameras documenting life inside American homes.